Senior Consultant, 3PAO

Senior Consultant, FedRAMP

Location: Remote

Clearance: Clearable US Citizen Can hold up to a Top Secret.

Company Description:

Our Client is an information technology services and consulting company based in the Washington, DC metropolitan area that specializes in delivering cost conscious, innovative solutions to meet the evolving business requirements of the clients we serve. Our Client brings there 360° view of government and commercial solutions to every advisement and assessment engagement. Working hand-in-hand with your team we will identify, understand, and overcome your unique challenges and deliver recommendations positioning you for readiness and success.

 Job Description:

In this role, you will lead assessment and advisory engagements within cloud-based environments. To succeed in this position, you will need a strong understanding of security-related system controls and an understanding of the various testing and implementation methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced management team and delegate specific tasks to support the assessment and advisory package deliverables.

 Responsibilities:

• Review CSP documentation and provide recommendations
• Lead client engagements from beginning to successful completion based on statement of work deliverables
• Oversee penetration testing and vulnerability scans
• Conduct client meetings as defined in each engagement
• Manage review of all work papers
• Perform responsibilities of Consultant when Associate is not available
• Provide system security consultation within cloud-based and on-premise environments in accordance with NIST, OMB, and other security regulatory frameworks
• Lead the assessment of all system security and compliance documentation (ex. SSP, ISCP, IRP, FIPS-199, CMP, diagrams, policies, and procedures)
• Prepare, review, and/or update, and maintain IT security supporting artifacts
• Lead the development of all system assessment documentation (ex. SAP, SAR, RET, SRTM)
• Provide clients security and compliance guidance
• Identify problems, issues, and challenges within client systems and conduct research to develop technical and conceptual solutions
• Prepare documentation for accreditation authority
• Execute, examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
• Author recommendations based on findings to improve security postures compliant with NIST controls

 Experience using:

• Vulnerability/compliance scanners
• Network security devices
• SIEMs
• HIDS/AV solutions

 Expected Travel less than 25%

 Required Qualifications:

• Bachelor's degree (4-yr college or university) or equivalent combination of education and experience
• Minimum five (5) years of experience in IT industry with strong familiarity with NIST Special Publications (SP) 800-37 Revision 2, 800-53 Revision 4 and 5, and 800-53A Revision 4, PCI-DSS, SOX, HIPAA
• Strong written and verbal communication skills including the ability to explain technical matters to non-technical audiences
• Strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171
• Ability to independently lead complex system assessments
• Ability to assist team members with proper artifact collection and detail to client's examples of artifacts to satisfy assessment requirements
• Certification Requirement: CISSP
• Second certification in order of preference to be obtained within 6 months or by conversion date if not already obtained: CISA, CISM, CRISC, CGEIT, CCSP, CISSP, or CAP

 Additional Qualifications:

• Experience reviewing Nessus output
• Strong knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft
• Expertise in other Security Frameworks (CMMC, ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements
• Experience with Amazon Web Services, Microsoft Azure, Google Cloud etc.
• Project management experience or certification (PMP)